Repeated and successful attacks on fiber-optic cables in California have security experts warning that the Internet's physical infrastructure is “basically unsecured” — and vulnerable to casual, determined attackers.
FBI agents in California are investigating after someone early Tuesday morning severed three high-capacity fiber-optic cables, causing Internet outages in the San Francisco area and in suburban Sacramento. The attack was the 11th in a year. The outages highlight that virtually all information today is routed via the Internet — from phone calls and Facebook updates to remote security cameras.
Experts and the FBI say whoever cut the lines needed tools and expertise. It's unlikely the repeated cuts are simple vandalism. The attacks generally happened in underground vaults where the cables were protected by sheathing called conduit.
The underground vaults are rarely monitored and often sit in remote areas. In many parts of the West, the cables are buried a few feet. But their routes are marked by waist-high orange poles, and above-ground junction boxes are housed in easily accessible storage sheds.
Although the Internet was designed to be redundant, there aren't many backbone cables. Cutting a few could cause widespread disruption.
“Our most critical infrastructure is basically unsecured,” said Roger Entner of Recon Analytics.
Fixing the three cables cut Tuesday took more than five hours, and they were all in the same vault, the FBI said. What worries security consultants is that someone is testing how long cable repairs take and how customers respond. Repair teams working for Colorado-based Level 3 and Zayo needed more than five hours to fix their cables.
“There are a lot of people who didn't get to watch ‘House of Cards,' ” said Brian Laing of Lastline, an Internet security firm.
He said a more sophisticated attacker could access the backbone cables and siphon off data — or even worse, conduct what's known as a “man in the middle” attack in which data is intercepted, changed and then sent back on its way, with no one the wiser.
“You can spend a lot of money on encryption and firewalling, but you need to cover the basics,” Ralph Descheneaux of Network Integrity Systems said.
